diff options
| author | Tim Potter <tpot@samba.org> | 2003-05-26 06:59:38 +0000 |
|---|---|---|
| committer | Tim Potter <tpot@samba.org> | 2003-05-26 06:59:38 +0000 |
| commit | 0d3097c135e382f3540b2bb0fef0497af16d7344 (patch) | |
| tree | 1a962eddd9a3625fb5f4f4ffde70173ea31e1843 /source3/rpc_parse | |
| parent | ac33cc9ca328d42e75817aff34ab570339f732fe (diff) | |
| download | samba-0d3097c135e382f3540b2bb0fef0497af16d7344.tar.gz samba-0d3097c135e382f3540b2bb0fef0497af16d7344.tar.bz2 samba-0d3097c135e382f3540b2bb0fef0497af16d7344.zip | |
This fixes net rpc vampire when talking to win2k (<sp3). win2k sends
back a different sized blob of encrypted password data then we were
expecting. There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
Diffstat (limited to 'source3/rpc_parse')
| -rw-r--r-- | source3/rpc_parse/parse_net.c | 6 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_prs.c | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 2c99d54b1b..7d04eace23 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -2129,12 +2129,12 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], if (!prs_uint32("pwd_len", ps, depth, &len)) return False; old_offset = ps->data_offset; - if (len == 0x44) + if (len > 0) { if (ps->io) { /* reading */ - if (!prs_hash1(ps, ps->data_offset, sess_key)) + if (!prs_hash1(ps, ps->data_offset, sess_key, len)) return False; } if (!net_io_sam_passwd_info("pass", &info->pass, @@ -2144,7 +2144,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], if (!ps->io) { /* writing */ - if (!prs_hash1(ps, old_offset, sess_key)) + if (!prs_hash1(ps, old_offset, sess_key, len)) return False; } } diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index e0a75d7382..88150c718b 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1316,7 +1316,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me /******************************************************************* hash a stream. ********************************************************************/ -BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]) +BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len) { char *q; @@ -1326,12 +1326,12 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]) #ifdef DEBUG_PASSWORD DEBUG(100, ("prs_hash1\n")); dump_data(100, sess_key, 16); - dump_data(100, q, 68); + dump_data(100, q, len); #endif - SamOEMhash((uchar *) q, sess_key, 68); + SamOEMhash((uchar *) q, sess_key, len); #ifdef DEBUG_PASSWORD - dump_data(100, q, 68); + dump_data(100, q, len); #endif return True; |